W32/Stration.DU@mm

Alias/es: Email-Worm.Win32.Warezov.ev, TROJ_STRAT.FC, W32/Stratio-AA, W32/Stration@MM, W32/Warezov.FW, Win32.Worm.Stration.CO, Win32/Stration.NB
Release Date: Oct 31, 2006
Detection Availability
Active Database  Extended Database
FortiGate  low  high
FortiClient
FortiMail  N/A
Current Antivirus Definition Database Version: 11.586
Description

Visible Symptoms

  • Possible firewall alert that an executable is attempting to connect to the internet.
  • System is also infected with W32/Stration.DS@mm.
  • A fake error message box is displayed.

Detailed Analysis

  • Copies itself to the System folder using a random filename.

  • Displays the following message box:
    Title: Error
    Message: Unknown error
  • Downloads a file from the following URL, then executes it:
    http://www6.endf{REMOVED}ihus.com/chr/835/nt.exe
    This file is detected as W32/Stration.DS@mm.
Reference: ID - 302011